Is cloud secure for my business?

Attended the 5 hour webinar on Google OnAir cloud platform on Oct 7th 2017. Though they covered five sessions on various topics, the Security topic got me interested, as it matters most especially when we have to decide for our clients. All clients and pretty much all over the world have this most over-frequently asked question "Is Cloud secure for my business?" I was one of them too until I got onto cloud myself in Septemer 2015, as a technical developer building something for my one and only client on Microsoft's Azure cloud platform.

I liked the below image shared during the webinar.

image courtesy: Google

These are actual cables owned, deployed by Google for the purpose of cloud. Whoever accesses the cloud will have to pass through these cables only. So that is one level of security I liked. No one can tamper the data on the way because the cloud ensures the data is encrypted, uncorrupted and inaccessible through privately owned cables.

Also I liked the fact that there is a cable connection deployed to connect my hometown Mumbai.


The other thing I liked was this next image.

image courtesy: Google

This is a chip mounted on every hardware that Google maintains on cloud. Only hardware with these chips and proper authentication can access each other hardware. Its a hardware to hardware security. All hardware outside the cloud cannot access it either via hardware and definitely not with any software tricks. I liked the fact that security is embedded at hardware level itself.

The next image that took my attention was the below one.

image courtesy: Google

So I personally have a web application deployed on my current Microsoft Azure cloud platform. The second set of bar graph indicates that Web application security is a responsibility of IT and not Google.This is true for any cloud partner actually. So here is where companies/cloud clients have to make sure your app usernames, passwords, sensitive data in database is well secured.It is not responsibility of cloud if you open up your app without any security measures. As such only IPs that are configured on cloud can enter in and access the hardware and file resources with appropriate authentication.

In regards to app security, though there are few obvious things that one can do such as "https setting is on", here are few other basic things that are not so obvious which I recommend.

1. Keep your database file on disk with encryption option on. 

Though we use big databases, it is ultimately just any other file on a disk within the cloud. Make sure your database file stored on the disk within the cloud is always in encrypted format. Google and Azure both give you this option. A simple file copy from a mischief person, even though if he or she is from within the cloud company (in this case Google) will not help, without him/her having the ability to decrypt the disk file. The cloud alone can decrypt the database files whenever there is a data request from the authenticated apps only. I like this feature where cloud company gives you an additional protection layer of customers data from its internal employees too. As such, the cloud security ensures that even if database file is in unencrypted format on their disk, it is not accessible from any hardware that is not authenticated (remember that hardware chip). But there is no harm in having a double door security at app level. Right?


2. Keep your authentication information in configuration readable files in encrypted format

Your username, password in any configuration files should be in encrypted format and not in readable format else any mischief person breaking into these configuration files can read simple text username, password and be able to access the database from the configured IPs on cloud. (for example web.config in .Net apps are one such file). As such cloud will not allow beyond its boundaries, any IPs that are not configured to cross its firewall. But what if this web.config file is in adminstrator's personal laptop and his laptop is hacked. There is no harm in having double door security at app level. Right?

3. Keep your data in database in encrypted format

The third thing I noticed was seminar claiming that the cloud platform follows HIPPA security standards along with many other well established security standards. I was happy to know about it. The HIPPA standards are related to data dealing with medical patients , healthcare mostly and its relevant to me as I am building a product for pharmacy stores in US. I have one such requirement where I am dealing with patients basic personal information. I am paranoid and worried that if anyone has user name and password and IP authentication, then they will manage to read my database on cloud, they will have access to patients information stored in simple text format with a execution of a simple SQL query. The bar graph in the image above clearly indicates that patients data, which would be collected by app has to be protected by the app and it would not be Google's responsibility. So even though cloud platforms try to implement HIPPA standards or any such standards, I recommend cloud customers to store all your patients data or for that matter, any critical or important data within their database in encrypted format only, if its possible and not a much overhead. Once the data in the database itself is in encrypted format, then mischief user will not be able to understand the data, even though he can query the data into the SQL server or any other form of database.  Remember, there is no harm in having double door security at app level. Right?

The next slide that caught my attention was the below one. Google Virtual Private Cloud Network

image courtesy: Google

This is similar to how intranet operates in companies with their own infrastructure. In intranet, all resources such as desktops, servers, networks, users, applications and any thing that is created , retained and destroyed remains within this 'private' company's network. There are only few servers that outsiders can access the internet and that too is protected by firewalls. Google VPC network provides the features of intranet.

One can always create multiple networks within this intranet kind of network, which can operate restrictively with each other under the same umbrella. Google VPC network is ideal for medium to big size organizations who want to run their entire infrastructure under a private cloud. There is no interference from internet per say.

Why cloud is important for small size business organization?

For new enterpreneurs that cannot afford hardware, software, office, cloud is a very good option and the only option.

Why cloud is important for medium size business organization?  

With growing need for big data management, data analytics, AI, cognitive services and lately quantum computers getting prominence,  even medium size organization cannot afford to buy, install and maintain these kind of demanding software neither its easy to have skilled resources for the same. Its expensive and becomes cost ineffective at some point.

Why cloud is important for big size organization?  
 
With so many economic, natural, political uncertainties in todays world and add to that decentralized technologies like blockchain technology taking over currency market and more, it will make sense if big organization have a cloud of their own atleast as a backup resource and at some point shift to cloud itself to meet the demanding challenges of  new future technologies. As such cloud infrastructure is almost available to dwell within your own country's boundaries and thereby adding another layer of security.

Today the big question is no longer "Is cloud secure for my business?"

Today the big question is "Is my business secure without cloud?"

Briefing: #Codeup Artificial Intelligence & Machine learning

I attended a meetup on artificial intelligence and machine learning sponsored and organized by PayU at Mumbai on Oct 7th 2017. I am seeing lot of medical practitioners in these places. There were some data scientist, ai programmers.

I came across terms like Deep learning, neural network, Vega (Deep learning platform), Value of pretraining, data distribution, cost of misclassification, Activation maps in Image analysis, Counter factual process, openai, epochs

Vega platform has layers, GUI based approach. Python has pipeline approach. Cypher datasets used in Image classification. Deep learning is a subset of Machine learning.

Qure.ai specializes in reading and interpreting x-ray, mri scan images. AI is all about one number multiplied with another number which in turn is multiplied with another number and it goes on. AI is matrix multiplication.

AI has three broad categories namely Language, Vision and Speech. Qure.ai focuses on vision analysis.

Vision analysis steps are classification (which objects are there in image such as man, sheep, dog), object detection (ability to create a box around each image for further analysis), segmentation (ability to extract the object  totally out the image and process it deeper such as what is the eye colour, body language etc )

Perturbation method , one of the technique used in image analysis where image is divided into tabular rows and column cells. Each cell is analyzed as a separate image. And in final approach, try to corelate all cells.

Another technique is Super pixels classification. In this pixels with similar intensity is grouped together (example sections are highlighted as per brightness of every pixel). It's probably a LIME heatmap representation of an image.

Torch lights are eyes of Image analysis. Different type of torch lights are used to decipher an image from various perspectives.

These analysis are run through AI model to create different types of probability plots.

Recommended coursera course by Andrew Ng. CS219 lectures by Andrej. Some tools in market are Pytorch, Keras,  Tensorflow, Theano, OpenCV, Skimage